LEGASIS GROUP - DATA PRIVACY POLICY

1. INTRODUCTION

Legasis Private Limited (referred to as “LPL”, “We, “Our” or “Us”) is part of Legasism Group and is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our customers and users of our products that communicate (online or offline) with us, in store, at events, over the phone, through our web and mobile applications, websites and social media platforms.

Along with LPL, Legasis Group has other companies namely Legasis Consultancy Services Private Limited (“LCSPL”), Comply Global Cloud Solutions Private Limited (“CGCSPL”), Ethics Research and Consulting Private Limited (“Ethics India”), Legasis Solutions Pte. Ltd. (“LSPL”), De-Rix Private Limited (“DPL”), LegaCS Corporate Services LLP.

Legasis Group has developed this Privacy Notice to inform you of the data we collect, what we do with your information, what we do to keep it secure, as well as the rights and choices you have over your personal information.

Throughout this document we refer to Data Protection Legislation which means the The Digital Personal Data Protection Bill, 2023 – India (India DPDP), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003, all the foregoing as amended from time to time, and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people of the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.

Legasis Group is the controller for the personal information we process, unless otherwise stated.

You can contact us either by phone, email or post.

Our main trading/postal address:

Legasis Private Limited
12A/09, 13th Floor, Parinee Cresenzo, G-Block, BKC, Bandra East, Mumbai – 400051, India
022-48814444 support@legasis.in

2. THE INFORMATION WE COLLECT AND WHEN

We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation The type of personal information that we will collect about you, and you voluntarily provide to us may include some or all of the following:

• Your name

• Address

• Telephone number(s) – Landline and/or mobile

• Email address – Work/Personal

• Photograph, if needed

• IP address

• Login details – User id, Password

• Your comments, feedback, search query data or other information you provide

• Usage data

We may, in further dealings with you, extend this personal information to include your address, purchases, services used, and subscriptions, records of conversations and agreements and payment transactions, etc.

You are under no statutory or contractual requirement or obligation to provide us with your personal information; however, we require at least the information above in order for us to deal with you as a prospect or customer/member/service user in an efficient and effective manner.

3. LEGAL BASIS FOR PROCESSING OF PERSONAL DATA:

The legal basis for collecting and processing your personal data to operate our business and provide our products and services are the following:

Contract – We may process personal data in order to perform our contractual obligations owed to (or to enter into a contract with) the relevant individuals.

Consent – We may rely on your freely given consent at the time you provided your personal data to us. You may withdraw and/or modify your consent at any time by contacting us at in-fmdataprivacy@kpmg.com.

Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These may include:

• Delivering services to our clients – To deliver the professional services our clients have engaged us to provide including information on new products and services.

• Direct marketing – To conduct and analyse our marketing activities. To deliver timely market insights and speciality knowledge including tailor-made online experience we believe is welcomed by our business clients, subscribers and individuals who have interacted with us.

• Monitor our IT systems – Prevent fraud or criminal activity and protect our IT systems.

• Corporate responsibility – Comply with our corporate and corporate social responsibility commitments.

Legal obligations – We may process personal data in order to meet our legal and regulatory obligations or mandates.

Public Interest – We may process personal data in order to perform a specific task in the public interest or in the exercise of official authority vested in us.

Vital Interests – We may process personal data to protect the vital interests of the individual or another natural person.

4. HOW DO WE COLLECT PERSONAL DATA

Directly: We obtain personal data directly from individuals in a variety of ways, Including obtaining personal data from individuals who provide us with their business card(s), complete our online forms, subscribe to our newsletters, and register for webinars, attend meetings or events we host, visit our offices or for recruitment purposes. We may also obtain personal data directly when, for example, we are establishing a business relationship, performing professional services through a contract, or through our hosted software applications.

Indirectly: We obtain personal data indirectly about individuals from a variety of sources, including recruitment services and our clients:

• Public sources – Personal data may be obtained from news articles, sanctions lists, government intelligence, crime prevention agencies and internet searches.

• Social and professional networking sites – If you register or login to our websites using social media (e.g., LinkedIn, Google, or Twitter) to authenticate your identity and connect your social media login information with us, we will collect information or content needed for the registration or login that you permitted your social media provider to share with us. That information may include your name and email address and depending on your privacy settings, additional details about you, so please review the privacy controls on the applicable social media websites to set how much information you want to be shared with us.

• Business clients – Our business clients may engage us to perform professional services which involves sharing personal data they control as part of that engagement. For example, we will review payroll compliance data as part of an audit. Our services may also include processing personal data under our clients’ control on our hosted software applications, which may be governed by different privacy terms, policies and notices.

• Recruitment services – We may obtain personal data about candidates from an employment agency, and other parties including former employers, and credit reference agencies.

5. HOW WE USE YOUR INFORMATION

To manage Your registration as a user of the Service. The Personal Data You you provide can give You access to different functionalities of the Service that are available to You as a registered user.

• To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about;

• Make available our products and services to you;

• Process your registration applications, orders or job applications, as the case may be;

• Take payment from you or give you a refund;

• Approaching you for marketing/sale of our products and/or services

• For statistical analysis and to get feedback from you about our products, websites, mobile apps, and other services and activities.

• To power our security measures and services so you can safely access our website and mobile apps;

• Help us understand more about you as a customer, the products and services you consume, so we can serve you better;

• Creating role-based access, manage your registration in our system

• Sending to you collaterals created by Legasis Group, inviations to attend Legasis Group events

• Provide you with online advertising and promotions; and

• Help answer your questions and solve any issues you have.

We do not sell, rent, or provide any of your personal information to any third parties.

6. WHO WE MAY SHARE YOUR INFORMATION WITH

We may share your personal data with other organisations in any one or more of the following circumstances:

• If the law or a public authority says we must share the personal data;

• If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);

• From time to time, we employ the services of other parties for dealing with certain processes necessary for the operation of the Website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it.

• We use data processors who are third parties to provide elements of services for us. We have Data Processing Agreements in place with our data processors. This means that they are only able to process your personal information under our strict instructions. They may only share your personal information with other organisations apart from us if we have provided them with prior written consent for this sharing. In addition, these other organisations must comply with our Data Processing Agreement. They will hold your personal data securely and retain it for the period we instruct.

7. HOW WE KEEP YOU UPDATED ON OUR PRODUCTS AND SERVICES

We may send you relevant offers and news about our products and services in a number of ways including by email, but only if you have previously consented to receive these marketing communications. When you register with us, we will ask if you would like to receive marketing communications, and you can change your marketing choices online, over the phone or in writing at any time.

8. YOUR DATA PROTECTION RIGHTS

8.1 the right to be informed about our collection and use of personal data

You have the right to be informed about the collection and use of your personal data. We ensure we do this by providing you with this Privacy Notice. This Notice is regularly reviewed and updated to ensure it accurately reflects our data processing activities.

8.2 Right to Access Your Personal Information

You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed a ‘Data Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and we will respond without delay and within one calendar month of receipt of your request.

We may ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information. Please note that the time limit for fulfilling your request does not start until we have been able to verify your identity.

8.3 Right to rectification of Your Personal Information

If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.

8.4 Right to Stop or withdraw or Limit Our Processing of Your Data

You can withdraw your consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

You have the right to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long, or have its processing restricted in certain circumstances.

8.5 Right to Erasure

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.

8.6 Right to data Portability

The right to data portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine readable format. It also gives them you the right to request that a controller transmits this data directly to another controller.

If you would like to exercise your Data Subject Rights, you can email support@legasis.in

8.7 Right to intimation in case of breach

You have the right to be notified, alerted and intimated by us in detail in case any breach happens of your personal data. Such intimation shall

9. HOW LONG WE KEEP YOUR INFORMATION FOR

We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the Data Protection Legislation and never retain your information for longer than is necessary. Unless otherwise required by law, your data will be stored for a period of [5 years] after our last contact with you/some other identifiable action or period, at which point it will be deleted.

10. GIVING YOUR REVIEWS AND SHARING YOUR THOUGHTS

When using our websites or web or mobile applications, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.

11. SECURITY

Data security is of great importance to Legasis Group and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.

We take various and required security measures to protect your information including:

• Limiting access to our offices to those that we have determined are entitled to be there (by use of passes, key card access and other related technologies);

• Implementing access controls to our information technology;

• We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores;

• Never asking you for your passwords;

• Advising you never to enter your account number or password into an email or after following a link from an email.

12. WHAT HAPPENS IF OUR BUSINESS CHANGES HANDS?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use that data only for the purposes for which it was originally collected by us

13. CHANGES TO OUR PRIVACY NOTICE

We may change this Privacy Notice from time to time (for example, if the law changes). We recommend that you check this policy regularly to keep up-to-date.

14. HOW TO CONTACT US

If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:

By email: support@legasis.in

By post: 12A/09, 13th Floor, Parinee Cresenzo, G-Block, BKC, Bandra East, Mumbai – 400051, India

Thank you for taking the time to read our Privacy Notice.

Legasis Private Limited

This Policy was last updated on 11th April, 2024